Tropic Square’s Secure Element Deployed in The Latest Trezor Crypto Hardware Wallet
TROPIC01 becomes the world’s first transparent secure element to power a consumer device, establishing a new benchmark for open-source hardware security.
"We use TROPIC01 in the Trezor Safe 7 wallet to verify authenticity and to encrypt the seed against the PIN. The seed is not stored in any SE; it is encrypted in the main MCU using a key from Tropic Square and Optiga. An attacker would need to compromise all three independent layers to reach it."
.webp)
Tomáš Sušánka
The first transparent secure element in a hardware wallet.
Hardware wallets keep private keys offline and sign transactions on-device. That handles remote threats. Physical access changes everything. An attacker in a lab can glitch PIN counters, probe debug interfaces, or pull keys through side-channel analysis. Devices can be tampered with in transit before a buyer ever opens the box.
Secure elements exist to resist these attacks. Nearly every one on the market hides its design behind NDAs. Independent verification is impossible. The crypto ecosystem runs on open protocols and public code, but that openness has never reached the silicon protecting private keys.
Trezor Safe 7 integrates TROPIC01 as its open, auditable secure element.
The wallet’s private keys are encrypted on the main microcontroller. They can only be decrypted using a secret held by TROPIC01. The full decryption key is never stored. It is assembled when you enter the correct PIN, exists briefly in memory, then gets discarded.
The integration of TROPIC01 in Trezor Safe 7 marks the beginning of a broader movement toward auditable and adaptable security across industries.
A New Standard for Secure Hardware
TROPIC01's integration into the new Trezor Safe 7 makes it the first open secure element to be used in a globally available consumer product, setting a new industry benchmark for secure hardware.
PIN Protection Through MAC-and-Destroy
Each PIN attempt consumes and permanently destroys a one-time physical slot inside the chip. Only the correct PIN produces a valid cryptographic output. A wrong attempt destroys the slot and yields nothing useful. No branches to glitch, no counters to reset, no stored hash to extract. Security depends on physics and cryptography, not on software correctly executing a conditional check.
Authenticity Verification
Cryptographic certificates provisioned during manufacturing let TROPIC01 prove the device is genuine through signed challenge-response. A cloned or swapped component fails verification. The protocol is documented in the public User API.
Secure Randomness
A dedicated hardware True Random Number Generator provides entropy during wallet creation. The digital design and firmware are open for review, giving researchers more visibility into the randomness implementation than any closed secure element provides.
Physical Attack Resistance
Hardware sensors detect voltage glitching, laser probing, EM interference, and temperature manipulation. An active shield protects memory. Threshold masking and constant reshuffling of internal computations resist side-channel analysis. A stolen device taken to a lab faces hardware-level resistance at every step.
"What we’ve achieved with Trezor is more than a product milestone, it’s a signal for the entire hardware industry."
Jan Pleskac
Years ago, while prototyping with a secure chip, developers at Trezor uncovered critical vulnerabilities. Bound by NDA, they couldn’t disclose details, the vendor dismissed the attack as “out of scope”. Out of scope is an attackers' playground.
That experience revealed the inherent risks of closed-source secure chips and sparked the inception of TropicSquare. A new fabless chip company on a mission to fix what’s broken in hardware security.
.webp)
"We chose the hard way, because anything less wouldn’t cut it for securing private keys to billions of dollars and for other critical applications where security failure is simply not an option."
Instead of locking flaws behind NDAs, we built a secure chip that anyone can attack, inspect and validate. Auditable, open architecture, and free from the black boxes that breed complacency.
We don’t just tolerate scrutiny. We invite it. We encourage independent researchers, academics, and engineers to probe our chips, break them if they can, and push us to continuously improve.
Every attempted exploit drives faster patches, smarter defenses, and stronger hardware. Because security isn’t a static certificate. It’s a living process. One that must evolve as fast as the threats themselves.
Jan Pleskac
Don’t wait — start building now!
Be among the first to innovate with the TROPIC01 Dev Kit — the same high‑performance chip driving Trezor Safe 7. Globally available and ready to ship within days.
